Analysis
-
max time kernel
148s
-
max time network
149s
-
platform
windows7_x64
-
resource
win7-20240704-en
-
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
-
submitted
26-08-2024 18:55
Static task
static1
Behavioral task
behavioral1
Sample
c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html
-
Size
54KB
-
MD5
c39e50db7bba6d5e7f8d1a591c30c453
-
SHA1
481b2fa24dd41f41d9fc7fd63fe24611ab26ca7d
-
SHA256
24d04be48b29e48a80f8aa38785280974026a204a70651ef10e33a3b47539c0d
-
SHA512
6ef22ed7a2cfb1acab5c1e9f9a5b6af3cabd714a7f13f170cff5234f0296a5404f40c215d6324bff19b39b1fac438d2d92146e63c21f3247c449e101641c74db
-
SSDEEP
768:xACNXPIpB3Jgt+fl5FQijPXncxFfkRNbeKQq7lq2SfH:xAGIpB3Jgt+fl5FTjUJYF7lI
Malware Config
Signatures
-
SocGholish
SocGholish is a JavaScript payload that downloads other malware.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: IEXPLORE.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430860385" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BC2B0691-63DC-11EF-84B3-46A49AEEEEC8} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe
pid | process
1968 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
1968 | iexplore.exe
1968 | iexplore.exe
2760 | IEXPLORE.EXE
2760 | IEXPLORE.EXE
2760 | IEXPLORE.EXE
2760 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe
description | pid | process | target process
PID 1968 wrote to memory of 2760 | 1968 | iexplore.exe | IEXPLORE.EXE
PID 1968 wrote to memory of 2760 | 1968 | iexplore.exe | IEXPLORE.EXE
PID 1968 wrote to memory of 2760 | 1968 | iexplore.exe | IEXPLORE.EXE
PID 1968 wrote to memory of 2760 | 1968 | iexplore.exe | IEXPLORE.EXE
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968
  -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2760
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
854B
MD5
e935bc5762068caf3e24a2683b1b8a88
SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB
MD5
5b80b7db25ca8cf97e3e559efc6fe0ac
SHA1
17268e268bdf33f58e585c840e8f12b1edcc9793
SHA256
bce94058599bb5c98f74fcd22d224c93b576c73bc3c3ce3032af01b719d0240a
SHA512
8260c031ea0038e49bccec419669767a9da89b1455629bc92da897449eafd48b15dbb32a5e203d33bf3b18c7855ed50f3a213970f2bbb9a59b61ecfa568853ca
-
Filesize
914B
MD5
e4a68ac854ac5242460afd72481b2a44
SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5
a266bb7dcc38a562631361bbf61dd11b
SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B
MD5
5cadb0bb51f90ba9e16d7e31d2c16bb9
SHA1
9d04eb2969b81cb0a8249a5a7c2494ff3e41750e
SHA256
6b7f9677f51fac218051dcbd3b0c5afc5da0decc7a52213293a45e8a103da2fb
SHA512
9848704c506f27bf6a1040d502d1f846fbf1f333a8ba67dea8ea20e829e242cca543b06d87f55eed21f4bff7a1b23491ab180350244bede9c6176cb1b04df8ff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B
MD5
d84f34ebb59321e2c5b3db6b31dc79d7
SHA1
f4c719bec4be28d5fe05e479def1ba73577b42f5
SHA256
c4c51705ac56579b3bc3eff2977105d13cb6a24d84612d323b4e6f20ada9f351
SHA512
f9bc51e49b9ae852db1ac738b81d0ef153947ec1154cabb30705e31f354e700d12f2ba66249171fa895f548f779aa8d270aa1c13f0c9cb2e6f9baafbf7ff7395
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
d201d33491f92f7f92cb26a5dca362ac
SHA1
71c1a86a77e44462b85d98af17aa8026efbe9044
SHA256
dfa2c24145f0f49e22eff1f0aa50da0f9560c1aa67ff9689e492fbc3f85f14fa
SHA512
234f09deb6c9ffeb779a3265cceeb4bd4f234cafb1d9b824c623d9be9158fc6e31e812293f943a465c32cb14e55a4cd2a460531371f9eff0359d8b4cdf402868
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
93fb6c0fd0ea77871087e0faa3c24d5b
SHA1
2d7ecd5bef7cdf545ea394459217977d85136d1a
SHA256
2eef0d1d11118cbe9bb50af93f583aa3a1d4ccc02282193234ddef9bfed388b9
SHA512
a119924f589a32b17cffbba8e29341bef25566208cb816efb5b4159fc101dd0ad6583adca24732d9051f6e3748482ac1ec4d5f42e603548a092a605f455e90a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e4c4dcc8080c8d6f4d461569683a5471
SHA1
b853ed5013ec7e8b200fcc1a0ceccf3258d115db
SHA256
15cf485f3456df3ed8f9edf7fa42dc1e3f161232e5b4befa7bc262b43f3f0936
SHA512
31041aba3873eff123607992ecd4fffff514c1aabd8a40341f39dc15d2e47837f620f07cec36c0be0f03416ae8038f3edb1c79d1c7604342fe1e5880fb161293
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
58e931143da3a176da76bd4db19e0ff5
SHA1
0aeb246dee30d0cde36d481edd854e0a0a46cff9
SHA256
e86bd08f39fe6babf520b7f27e03d9823f47260de19777e88859089c0cc44f17
SHA512
1c387ad546993b9b65acbb58c6850fcd99b6b39676a9770d99e64e67b1b10dcbd5c435c4d31167471fc8d6f703624d9af40e8def831c78fd454bc0d853d2c3c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
dc3dc4b434e71cb9059a54a238cfe683
SHA1
077c9b51563e0e345754b09cebe66a4d3b9812be
SHA256
9d14dc41b939c66f86f623ac7380d833e0b0caa14da459308fad77ac3113737c
SHA512
21eb0cee3960a5dcb667a27c6eafc741a623f145295abfdf9a66af80ee1d2ba28c3136b87fa85e358ced3e22e5219e4ad836c20d6d18244d1ea3694bdcb74559
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
22dbb7d75f6f685a0fc5e24d6003d637
SHA1
4c95715ca3bbda4c7ab1f1e7faa4a3bc85113536
SHA256
7ed462ab8a87730f83b160c31a26d2131c464608bd16f015f46d57a9560b6991
SHA512
e986b7e8cea6175fd08fe1523408983f24e78f00ad55da568ddc7b6897a627f26e1c62f838fb5c8836cf244d2bf08e426583b085858feddf227c442b72ae0b16
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
2a499fd07a6abf9cce56ebd569f86d90
SHA1
d174d1bb2fef0c1008acf94794331e5dd828d553
SHA256
1f1e716f16fc48e97489d931ad9f0bbe4241aa8cf03635142b2ea7ecef3e5998
SHA512
609697afe77c07f00f03f86fa2c5b8884077e9b354d25f8d06b97d7967244a848612b331a6d443ce0b751c7f3ae99a60147038b7c251c04e21c044840fd2dfca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
c2550fc0c6f64a5bb9503c2e137a565b
SHA1
b91f7d3c5cd0e0aa2c06a9752b16f69147ef11cc
SHA256
5175e5c7c4f60bd26b218266dca5cb8f68a430ca10b958faf753e7cd340ab9bb
SHA512
49a4104e22f4b2ca1ed21065078db5307d1725832fe1e7ad15380f05041f53ed96a383b0e72b57cd3560f59d0c5253a29cc5566c076d3d9c39904c22868d2222
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
7517cf765aabbc7bb62e2ee41ee5f0fd
SHA1
2a22fc9522207ffb01e839506fa5170fa114d65b
SHA256
a9ff78c513aa42dc6704efdc903af19460848d9c7b395c2856c468595723dcde
SHA512
64d27d36945c85370748d1528fb2ad17848ecef131a59ff7caeda810edf47900c1a66b4db844406b4f016981eaf736d09c28aefb30554446ebfc6e03b66d2ae8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
d3d3cbab57453ae43767e64c94ccab07
SHA1
35d21f99f559a434a756e60de9756be92c9e9afa
SHA256
d7dd7d1fe793eafa9d370e70cb1ad178909d7863ae32e4686594722603326b3a
SHA512
0c17d5ccab5d5f3f0816e3ee363d3ac324ec9c6ce4788b3c16ea51cd8b6b854fef4707ba3b4175106f0cdb20547a4a11f1ce56b22a2d557d3ffdd49ab4ff09bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
f3b08a69b78b3f5aec2faac21ffd70f3
SHA1
5b2c94308b0f8c8816bbf9d3057f46e3d4020ff1
SHA256
9c62e004973b053f06c9024dbee54580a95b66b8a11d27cea061f1cd2be999ff
SHA512
47c4768a2aea8ed975cd9359c0af6479879a3c0aead75c9ec995c0eea0b09ef3c1b81bbdeb70a28b714232b8da16598b7bafe1ee0152ba8500b6c51161eb1a8f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
fa5a24647b5216d09daea4b5053916e8
SHA1
fc436fa53313817652cb6a4f193a854a359ce2e5
SHA256
346b38e2d353713443e3ac9cb73f63738c147e1a60c8145d16a05b6116a20298
SHA512
294e32cd1e078efd7aa4e85ab7068f2ad80b7857869293d58f174c15f1a25d15684f227fdb493b3ff95eed468eaae5f9dd7d4a557dcd84851e8dffd3a1f52d4f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
c79a2c263c8dd96d98771c4f91f1c85e
SHA1
58fc40ab136dfa66321a9d47ffd7e01c6bdf30df
SHA256
6d9c8ab5186ddd6077ea390b77d95b072dfd170b2a5e6c4923e0928fe5d45321
SHA512
dad5859bcfad002c3b5c731682e817521c52184a9b75d88eb17ca8717cfe25b75a0fc8a9288255131d6900a24ef1b1565a3353c6d8a60ea5f9ee4af8fcb4dd32
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
b5f29ac253e953f81d89e528e41ed539
SHA1
fa225b65817c2ddba2d3b46bf6df6c9c5b2cfa60
SHA256
a74c6eedb2ab5bf270b81176d9975e5a806a20656a274f8c20b87b643f157b21
SHA512
25ea77e7b57adb466688052574c6660489c2264e337926be0339df82ea6d9a0d135d74b62d32bfd7a0154eb518dc52553a9e9c9fdfdab3334ce012d4945c4cd1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B
MD5
2a2d601197de539d592db2a2b9bfc5d0
SHA1
b62d7dcf330354ae05bd82bf8281118db3e718bf
SHA256
80b6b1c43b23b3bf454faa9dab3209a00280cac7baf5b571b351941c886b2863
SHA512
1457c4f33796247eebdf9f5a54aba580824b1f63830529fc1c29fbb984d31bfb6847de732c71d7be3bdac7fe5f9078959fc3b9d4f56aa5993f29870a2f54e6b8
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b